Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cgustave
Staff
Staff

Created on ‎11-03-2016 03:07 AM Edited on ‎10-24-2024 08:54 AM By Staff

Article Id 198502

Technical Tip: Conserve mode changes in FortiGate 5.6 and above

Description

 

This article describes the changes to conserve mode self protection mechanisms starting in version 5.6.

 

Scope

 

FortiGate version 5.6 and above.

 

Solution

 

The main differences are as follows:

 
  • No more distinction between 'kernel' versus 'Proxy' or 'system' types of conserve mode.
  • Definitions for 3 thresholds: 'green', 'red', 'extreme', all adjustable through the CLI.
  • A new trigger based on 'memory used'.
  • New event logs.
  • New diagnose command 'diagnose hardware sysinfo conserve'.
  • New conserve mode stats in proxy stats via 'diag sys proxy stats all' (see the conserve_mode line).

3 memory thresholds: green, red, and extreme.

 

'red' and 'extreme': Both 'red' and 'extreme' are thresholds to enter in 'conserve mode' when the system memory used is over their thresholds.

When the used memory goes over the defined red threshold, the kernel raises the conserve mode state. FortiGate functions reacting to conserve mode state, like antivirus transparent proxies, would apply their own restriction based on their settings.
 
If the used memory continues to increase and reach the 'extreme' threshold, conserve mode actions taken with the red threshold are still active and additionally new sessions will be dropped.
  
'green': When used memory goes below the 'green' threshold, kernel releases the conserve mode state. FortiGate functions reacting to conserve mode state would stop their restriction measures.
 
Extreme: FortiGate starts to drop new sessions
Red: FortiGate enters conserve mode and No Quarantine or Sandboxing
Green: FortiGate exits conserve mode
 

Configurable thresholds.

 

Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.

 
Default values are : 
  • Red: 88% of total memory  is considered "used memory"
  • Extreme: 95% of total memory is considered "used memory"
  • Green: 82% of total memory is considered 'used memory'.

 

Configuration (CLI only):

 

config system global
set memory-use-threshold-extreme 95
set memory-use-threshold-red 88
set memory-use-threshold-green 82
end
 

Diag command:

 

 
1.png
46539
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.